In June, CPA Ontario (Chartered Professional Accountants of Ontario) announced it had been breached; the data of nearly 330 thousand individuals was posted online. Names, addresses, emails and employment information were stolen, leaving these people vulnerable to phishing scams and other forms of attack. This is becoming a rampant issue; every few days we read about an organization that has been breached, along with the risks and costs associated with it.
IBM Security published a global study on the impact of financial breaches, revealing that each occurrence, on average, cost companies $3.86 million, with compromised employee accounts as the most expensive source.
In light of COVID-19, more employees are beginning to work from home and they need access to sensitive company information daily. Working remotely, whether from home, a coffee shop or a library, leaves our devices at risk as we access cloud-based enterprise networks. More than 25% of breaches investigated have been attributed to human error: leaving devices alone in public areas, using weak passwords, succumbing to phishing scams or emailing sensitive information to third parties are all examples.
Ensuring employees use proper password management and have adequate training to prevent cyber-attacks are some steps organizations can take to prevent a breach, but it shouldn’t stop there. Securing your network and having a disaster recovery plan are important stepping stones to protecting it from malicious attacks.
What to do?
An organization will inevitably experience a breach, which can cost millions of dollars in restitution while tarnishing its reputation. When sensitive information is exposed, it can leave both business and personal data at stake. When Uber was hacked in 2016, over 57 million people, both riders and drivers, were affected due to data being exposed on a third-party cloud-based server. It caused Uber to pay out over $100,000 to hackers to avoid data getting leaked on the internet. In other instances, data can be deleted if companies do not pay up to a hacker’s demands; if the data is not backed up, they lose important information instantly.
When businesses focus on the cybersecurity element of IT, they are taking a step in the right direction to protect their data and secure their devices. The truth is, you don’t know what you don’t know. Starting with a trusted technical resource, you can find a team of professionals with the knowledge and experience to improve your security stance.
By implementing cybersecurity training for employees, spending money on the right products and services and investing in cyber insurance, companies will find themselves better prepared with a recovery plan should disaster strike.
The Human Error
Human beings aren’t perfect, and our creativity in password creation shows it. Our default tends to be what we know. It makes things simple and easy to remember, but also easy to guess. By using password managers, creating complex passwords is a click away. They save login information in secure and encrypted software; all you need to do is remember one password to log in. Having multi-factor authentication in place can also ensure that regardless of where an employee logs in, the device and request will always be validated.
Utilizing anti-phishing tests and security awareness training can make your organization stronger by pinpointing areas of weakness and educating employees on how to look for attacks and report them. Whether you work with your internal IT department or an MSP, they can identify the right path and provider you need.
With the rise of the remote workforce, more firms are allowing their employees to use personal devices to access company information due to cost savings and ease of use. There are risks associated with BYOD, so it’s important to establish policies around Mobile Device Management. This can ensure that sensitive company information remains secure while your employees are shopping online or scrolling through Facebook.
Many businesses don’t consider the element of cyber insurance because, most likely, they haven’t experienced a breach. It can be hard for companies to spend the additional money when they don’t see the value in it, but what happens if you do have a breach?
There is a financial loss to consider: compensating affected customers or clients, costs associated with containing the breach, decreased share value and heightened security costs, to name a few. Without cyber insurance, organizations are left to pay out of pocket, resulting in revenue loss.
Legal ramifications and operational disruptions are other important consequences, but reputational damage can be the most debilitating. You were responsible for keeping your customers’ information safe and you failed.
Cyber insurance would cover your business’ liability should a breach occur; the insurance firm would handle notifying the customers of a breach, restoring personal information of those affected, recovering compromised data and repairing damaged computer systems. That’s not all: most insurers offer public relations to help restore and rebuild trust in your public image. This can go a long way in restoring lost revenue. There is also the option for credit monitoring and helping victims of identity theft restore their credit history. Having cyber insurance can be a lifesaver and is recommended as an add-on for any business’ errors and omissions liability insurance.
Gaining the right level of basic security and technology processes can seem overwhelming. With the vast amount of information available, how do you know if you’re making the right choices? Without the right tools, you may not see that a problem is there, and before you know it, it’s too late.
Investing in cybersecurity makes sense, especially since we have moved from “if” a breach will occur to “when”. It’s no longer enough to have a plan that deals with the effects of an attack; you also need to be proactive in your monitoring and reporting. Having continuous, comprehensive visibility into the weaknesses and vulnerabilities of your organization and identifying how those weaknesses will impact you will help you to prioritize fixes for the most fragile areas. Spending money to upgrade your endpoint protection and security posture can be considered insurance against the risk of breach.
Fusion Computing has in-depth experience working with security; let us be your trusted IT Security resource. Learn more about our flat fee IT service today.
A breach is no joke; it can have disastrous consequences on any business if not handled properly. Executing BYOD policies, providing adequate training for employees, utilizing password managers and MFA while backing up data is a great proactive approach to managing cybersecurity.
After a data breach occurs, organizations need to get ahead by using open and honest communication with their customers, taking accountability and providing a solution. You can’t change that the information loss has occurred, but you can define how you deal with it and learn from the experience.
Working with a technical resource you trust who is experienced in cybersecurity and IT operations will help bridge the gap between what you don’t know and what you need to know.